Proposal: consumer sends special openid.server discovery header URL/arg

Martin Atkins mart at degeneration.co.uk
Fri May 20 09:35:50 PDT 2005


Brad Fitzpatrick wrote:
> On Fri, 20 May 2005, Martin Atkins wrote:
> 
> 
>>>Either:
>>>
>>>1) New URL argument:
>>
>>[snip]
>>
>>>2) New HTTP header:
>>
>>[snip]
>>
>>I don't really like either of those options, but I'd pick 1) if I had to
>>choose, for the reasons you state. People would forget to use the
>>no-cache directive, and in most cases it'll be fine but then there'll be
>>some weird case where for some reason a consumer (or a non-browser
>>client, more likely) makes a request through a shared proxy and it'll
>>screw everything up.
> 
> 
> What about User-Agent including "openid.discover" somewhere in it?
> 

That suffers the same issue as the non-standard header. Proxies don't 
(by default) distinguish between User-Agent values. Including User-Agent 
in "Vary" is dubious, too, as it's really intended for the Accept-* 
family of headers.



More information about the yadis mailing list